(57) Abstract: A method and apparatus for providing multiple layer encrypted Internet, Intranet, or e-mail communication device (14) communications. In particular, the process of encrypting Internet (18), Intranet, or e-mail messages with encryption algorithms embedded in integrated circuits incorporated into the communication device (14), with access to the encrypting circuit requiring a validation of a randomly generated cypher key and a user defined password.

Communication on the Internet between two parties can take place using two different methods: 

1. Sending data: when one party groups a message and/or data package into a specific formatted 
sequence, attaches the Internet address, termed an Internet Protocol (IP) Address and then 
sends the message and IP Address to the Internet. The data is typically packetized using 
commercially available software and sent from the computer through the communication 
device onto the Internet. 

2. Accessing data: when one party connects to a public or private database across the Internet 
by connecting to the database's website. Access is typically made by using the 
communication device to connect to the website's URL Address. 

Originally, the security of these communications was not an issue as very few individuals 
possessed the necessary computer hardware or technical expertise to intercept the messages. 
However, the arrival of inexpensive personal computers and the explosion in the popularity of 
the Internet, in particular electronic commerce (e-commerce), prompted the development of 
computer communication security devices. 

The existing method of security is computer software programs that 
encrypt communication data between two users using encryption algorithms, such as the 
Blowfish algorithm. U.S. Pat. No. 6,014,444 relies on a cypher key approach for encryption. These 
methods involve using a key, known by both the sender and receiver, which is used by the 
encryption algorithm to encode the data into an unrecognizable format. The data is then passed 
from the sender to the receiver. After successful transmission, the receiver has an encrypted data 
package. The receiver must then get the key from the sender and use it to re-run the same 
decryption algorithm to decrypt the message. An example of this software is found in the 1999 
PC Guardian Incorporated "Encryption Plus for Email" product datasheet. 

The security of these software encryption systems may be compromised as the software 
(therefore the encryption algorithm) may be subject to computer hacking. Furthermore, the 
myriad of encryption software has led to incompatibilities. One encryption program is generally 
incompatible with a competing company's software. Therefore, the sender and the receiver must 
be using the same program. Lastly, once the encryption algorithm has been compromised, 
messages encrypted with the algorithm may easily be decrypted. A person located external to the 
communications network may intercept and decrypt the message if the software has been 
effectively "hacked". 

A different security approach has involved the use of computer smart cards. U.S. Pat. No. 
5,761,306 provides other improved methods of encryption involving a system of computers to 
exchange public keys over an insecure network. These systems rely on a combination of nodes 
that are implemented by a computer, smart card, a stored data card in combination with a 
publicly accessible node machine. This system, however, will still depend on the effectiveness 
of the underlying encryption software and require the user to possess a smart card to effectively 
operate. Additionally, these software encryption systems generally only provide single layer 
encryption, in that the entire message will be encrypted using one algorithm. 
BRIEF DESCRIPTION OF THE DRAWING 

The present invention is illustrated by way of example, and not by way of limitation, in the 
figures of the accompanying drawings and in which like reference numerals indicate similar 
elements and in which: 

FIG 1 is a block diagram of a typical communication network. 

FIG 2 is a block diagram of a computer with a communications device. 

FIG 3 is a block diagram of an encryption/decryption communication device in accordance with 
an embodiment of the present invention. 

FIG 4 is a flow chart of the encryption/decryption method in accordance with an embodiment of 
the present invention. 

DETAILED DESCRIPTION OF THE PRESENT INVENTION 

The present invention contains all the functions necessary for secure communications in one 
physical device as referenced in figure 3. This device contains an encryption and decryption 
integrated circuit 30 that uses a combination of asymmetric and symmetric functions to encrypt 
and decrypt data. The encryption/decryption integrated circuit can be accessed by the user 
through a password protected user interface controller 32. This communication device also 
contains a signal processor 34 used to process the incoming and outgoing data. This may include 
multiplexing, de-multiplexing, modulating, demodulating, encoding, decoding, and error 
detection and correction. Memory 36 is included within the device for algorithm, control, and 
data storage. A network interface 38, electrical power 40, and a clock for internal timing 42 are 
also part of the communication device. 

The present invention involves a multiple step process which is added to existing standard 
Internet communication sequences for both sending and accessing data. A primary private key is 
encrypted using a public/private key pair, then the remainder of the data is encrypted with a 
faster algorithm using another randomly generated primary key. An Encrypted Internet 
Communication System is required at both the sender and receiver for successful secure 
transmission. The verification process is completed using a set of software and hardware 
verification steps that unlock the encryption algorithm hardware to the receiver. The process 
involves a communication setup, a sender sequence and a receiver sequence. The process is as 
follows: 
1. After message data is received by receiver, receiver requests software to de-encrypt data 58. 

2. Software requests a password to communication device; receiver enters password. 

3. Software transfers receiver password to communication device. Compare of password is 
completed by communication device. If matched, de-encrypt sequence is allowed to 
continue. If not matched, sequence is halted and error message is passed back to software. 

4. Software then sends an unencrypted e-mail on to the Internet through the communication 
device that provides a return message to the same (receiver) IP Address. The message will 
include a unique code to signify a verification check (unique verification code) and the IP 
Address. Numerous techniques can be used to verify the e-mail has reached the actual 
Internet, such as, use of "Certification Authority", reading the Domain Name Server and 
returning verification data and/or use of a private server that provides a return of the e-mail 
with verification of reaching the Internet. In all cases, the message will return to the receiver 
IP Address along with the unique verification code. 

5. If the receiver's IP address is verified then the encryption of the data can proceed. 

6. Software then transfers data to communication device. 

7. The receiver's private key (as part of its private/public key pair) is then used to decrypt the 
sender's private key 60. 

8. Then the receiver uses the sender's private key to decrypt the message 62. 

9. The receiver's communication device deletes the sender's private key 64. 

10. The receiver's communication device sends a message receipt to the sender 66. 
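
An added illustration of the receiver sequence above (steps 3, 5, 7, 8 and 9), not part of the patent text. The toy RSA key, the SHA-256 keystream standing in for the "faster algorithm", and the names seal, ReceiverDevice and ip_verified are all assumptions made for the sketch; the address round-trip of step 4 is reduced to a boolean input.

```python
import hashlib, hmac, secrets

# Toy RSA key pair for the receiver, built from two Mersenne primes.
# Illustration only: far too small, and unpadded, for real use.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))

def keystream_xor(key, data):
    """Stand-in for the 'faster algorithm': XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + (i // 32).to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], pad))
    return bytes(out)

def seal(message):
    """Sender: encrypt under a fresh random key, then wrap that key for the receiver."""
    session_key = secrets.token_bytes(16)  # the text's "sender's private key"
    wrapped = pow(int.from_bytes(session_key, "big"), E, N)
    return {"wrapped_key": wrapped, "body": keystream_xor(session_key, message)}

class ReceiverDevice:
    def __init__(self, password):
        self._salt = secrets.token_bytes(16)
        self._pw = self._derive(password)

    def _derive(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 100_000)

    def receive(self, envelope, password, ip_verified):
        # Step 3: the device compares the password and halts on a mismatch.
        if not hmac.compare_digest(self._derive(password), self._pw):
            raise PermissionError("password mismatch, sequence halted")
        # Step 5: continue only if the receiver's IP address was verified.
        if not ip_verified:
            raise PermissionError("receiver IP address not verified, sequence halted")
        # Step 7: the receiver's private key unwraps the per-message key.
        key = bytearray(pow(envelope["wrapped_key"], D, N).to_bytes(16, "big"))
        try:
            return keystream_xor(bytes(key), envelope["body"])  # step 8
        finally:
            key[:] = bytes(len(key))  # step 9: best-effort wipe of the key buffer
```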

CONCLUSIONS, RAMIFICATIONS, AND SCOPE OF INVENTION 

Accordingly, the reader will see that the present invention provides multiple layers of 
encryption, yet will not impinge on the operational utility of the computer communications 
device. Furthermore, the apparatus and process outlined above prevents or efficiently deters 
external computer theft of sensitive information. Lastly, the apparatus and process may be 
upgraded with the addition of different algorithms. 

While the above description contains many specifications, these specifications should not be 
construed as limitations on the scope or utility of the invention, but are presented to exemplify a 
preferred embodiment thereof. 

Accordingly, the scope of the invention should be determined not by the embodiments 
presented, but by the appended claims and their legal equivalents. 



WO 01/55850 



PCT/US01/02833 



CLAIMS 

said circuit embedded with a private signature cypher key. 

said circuit embedded with 

symmetric encryption algorithms. 

2. An apparatus as recited in claim . „,u 

3. A process to permit access to said An 

w^„ user to JdS£ S"^^™ *~ -*d i„ ci™ , , 
means for converting multiple user define 

meansf '^defined passwords into digital bitarrays- 

means for programming said digital bit 

" e "S"** Seated within said 

means for verifying future user request to a 







4. A process to bypass said encryption and decryption circuit recited in claim 1, comprising 
means for said computer communication device operating without accessing said circuit, thereby 
said communications device operating unencrypted. 

5. A method of sending encrypting Internet or e-mail messages, comprising the steps of: 
encrypting a message using an integrated circuit embedded with encryption algorithms, 
said integrated circuit further embedded with a private signature cypher key; 

said integrated circuit further embedded with a common digital bit array; 

appending an encrypted message header to said encrypted message, said message header 
encrypted using a receiver's public encryption key; 

said encrypted message header further comprising the sender's private signature cypher key and 
a common digital bit array; 

means for transmitting said encrypted message header and said encrypted message to receiver 
over Internet; 

means for transmitting said encrypted message header and said encrypted message to receiver 
over Intranet; 

means for transmitting said encrypted message header and said encrypted message to receiver by 
e-mail. 

6. A method of receiving and decrypting an encrypted message as recited in claim 5, 
comprising the steps of: 
appending to the message at said sending unit the receiver's unencrypted IP address; 
appending to said message the receiver's encrypted IP address; 

said sending unit sends said encrypted message with said unencrypted IP address and said 
encrypted IP address; 

receiving unit with an integrated circuit embedded ^ ^ ^ ^ 
said receiving unit receives said encrypted message ^ ^ IP ^ 

encrypted IP address using a receiving unit; 

receiving unit decrypts ^ IP address ^ ^ ^ decrypted IP ^ in a 

built into said integrated circuit embedded encryption algorithm located within receiving 

receiving unit stores said unencrypted IP address in a register built into said integrated circuit 
embedded with an encryption algorithm located within receiving unit; 

means for comparing said register storing unencrypted IP address to said register storing 
decrypted IP address; 

unit decrypts said message if said register storing unencrypted IP address matches said 
register storing encrypted IP address; 

means for halting decryption process if said register storing unencrypted IP address does not 
match said register storing encrypted IP address. 